
Working Cisco VPN Fedora 18 with racoon

Posted: Sun Dec 09, 2012 6:01 pm
by mariuszs
Hey,

A very simple and working configuration for the old and dead Cisco VPN with cert authentication. All you need on Fedora is the package ipsec-tools (not racoon2).

Configuration /etc/racoon/racoon.conf:

Code:
# Racoon IKE daemon configuration file.
# See 'man racoon.conf' for a description of the format and entries.
path include "/etc/racoon";
path pre_shared_key "/etc/racoon/psk.txt";
path certificate "/etc/racoon/certs";
path script "/etc/racoon/scripts";

# Phase 2 (IPsec SA) parameters, offered to any peer.
sainfo anonymous
{
        lifetime time 1 hour;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}

# Phase 1 (IKE) parameters for the Cisco gateway.
remote YOUR_CISCOVPN_GATE_IP
{
        exchange_mode main;
        # Send the subject DN of our certificate as the IKE identity.
        my_identifier asn1dn;
        # Client certificate/key and CA certificate; file names are relative
        # to "path certificate" above.
        certificate_type x509 "client.crt" "client.key";
        ca_type x509 "ca.crt";

        # Accept the address/DNS configuration pushed by the gateway and
        # apply it with the p1_up_down script from /etc/racoon/scripts.
        mode_cfg on;
        script "p1_up_down" phase1_up;
        script "p1_up_down" phase1_down;
        proposal
        {
                encryption_algorithm 3des;
                hash_algorithm md5;
                # RSA (certificate) signatures plus XAuth user credentials.
                authentication_method xauth_rsa_client;
                dh_group modp1024;
        }
}


Prepare certs:

Code:
# Split the PKCS#12 bundle into the three files racoon.conf refers to.
openssl pkcs12 -in YOUR.p12 -out ca.crt -nokeys -cacerts      # CA certificate(s) only
openssl pkcs12 -in YOUR.p12 -out client.crt -nokeys -clcerts  # client certificate only
openssl pkcs12 -in YOUR.p12 -out client.key -nodes -nocerts   # private key, written unencrypted (-nodes)

Put all certs in /etc/racoon/certs

and set up racoon with
Code:
sudo racoon -F

connect with
Code:
sudo racoonctl -d vc YOUR_CISCOVPN_GATE_IP


After this: VPN connection established :D
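A pre-flight check for the three files the post extracts from the .p12, added here as an example and not part of mariuszs's post: it confirms client.crt chains to ca.crt, that client.key belongs to client.crt, that the certificate has not expired, and that the unencrypted key is not group/world readable. The file names ca.crt, client.crt and client.key and the default directory /etc/racoon/certs are taken from the post; everything else is assumed.

```shell
#!/bin/sh
# Added example, not from the original post: a pre-flight check for the files
# extracted from the .p12 before racoon is started. Assumes the post's file
# names ca.crt, client.crt and client.key inside the certs directory.
# Returns 0 when all checks pass, 1 otherwise; each failure is listed on stderr.
check_racoon_certs() {
    dir="${1:-/etc/racoon/certs}"
    rc=0
    # 1. client.crt must chain to the CA that racoon trusts via ca_type x509
    #    "ca.crt"; this catches a swapped -cacerts/-clcerts export.
    if ! openssl verify -CAfile "$dir/ca.crt" "$dir/client.crt" >/dev/null 2>&1; then
        echo "FAIL: client.crt does not verify against ca.crt" >&2
        rc=1
    fi
    # 2. client.key must be the private key for client.crt: the public key
    #    derived from each side must be identical.
    cert_pub=$(openssl x509 -in "$dir/client.crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$dir/client.key" -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: client.key does not match client.crt" >&2
        rc=1
    fi
    # 3. The client certificate must not have expired (-checkend 0).
    if ! openssl x509 -in "$dir/client.crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: client.crt has expired" >&2
        rc=1
    fi
    # 4. The key was exported unencrypted (-nodes), so it must be readable
    #    by its owner only. stat -c is GNU, stat -f the BSD fallback.
    perms=$(stat -c '%a' "$dir/client.key" 2>/dev/null || stat -f '%Lp' "$dir/client.key" 2>/dev/null)
    case "$perms" in
        *00) ;;
        *) echo "FAIL: client.key mode is '$perms', expected 600 or stricter" >&2
           rc=1 ;;
    esac
    return "$rc"
}

# Run directly as: sh check_racoon_certs.sh /etc/racoon/certs
if [ "$#" -gt 0 ]; then
    check_racoon_certs "$1" && echo "OK: certificate set is consistent"
fi
```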